Web Application Firewall

Definition

A security service that inspects HTTP/HTTPS traffic at the application layer and blocks or logs requests matching known attack patterns, protecting web applications and APIs from common attacks such as SQL injection, cross-site scripting (XSS), and other web-based threats.

Frequently Asked Questions

What's the difference between a Web Application Firewall (WAF) and a network firewall?
A network firewall mainly controls traffic based on IP addresses, ports, and protocols (layers 3–4); two requests from the same client to port 443 look identical to it. A WAF focuses on HTTP/HTTPS traffic (layer 7) and understands the request itself (method, path, query string, headers, body), so it can block attacks like SQL injection, cross-site scripting (XSS), malicious bots, and suspicious request patterns that a network firewall cannot see. Because it inspects request content, a WAF needs the decrypted request, so it normally sits at a TLS-terminating edge (CDN, load balancer, or reverse proxy) in front of the application. The two complement each other; a WAF is not a replacement for a network firewall.
When should I use a Web Application Firewall (WAF)?
Use a WAF when you run any internet-facing web app, API, or login/checkout flow, especially if it handles personal data, payments, or accounts. It is particularly useful when you need quick protection against common web exploits, want to reduce bot abuse (credential stuffing, scraping), or need to enforce consistent security rules in front of multiple apps. Treat it as a compensating control rather than a fix: it reduces exposure to known attack patterns but does not remove the underlying vulnerability, pattern-based rules can be evaded (for example by encoding tricks the WAF fails to normalize) and can also produce false positives, so new rule sets are usually run in a logging/count mode against real traffic before being switched to blocking.
How much does a Web Application Firewall (WAF) cost?
Costs vary by provider and are usually driven by (1) number of protected resources/policies, (2) number of rules or managed rule sets enabled, and (3) request volume inspected (often priced per million requests). Extra features like bot management, advanced DDoS protection, logging, and custom rule processing can add cost. For accurate estimates, model expected monthly request counts and which managed rule sets/features you need.
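The following is an added illustration, not code from this page or from any WAF provider, of the two points made in the first answers above: a layer-3/4 filter sees only addresses and ports, while a layer-7 filter decodes and inspects the request, and a new rule set is trialled in a count mode before it blocks. It is a toy engine with three deliberately simple, hypothetical pattern rules and a sliding-window rate limit on a hypothetical `/login` path; the sample requests are constructed, and the "count"/"block" mode names are an assumption modelled on what managed WAFs commonly offer, not any specific product's API.

```python
"""Toy layer-7 request filter: added illustration of what a WAF inspects (not any vendor's engine)."""
import re
import urllib.parse
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Request:
    src_ip: str
    method: str
    path: str                      # request target as sent on the wire, query string included
    headers: dict = field(default_factory=dict)
    body: str = ""
    dst_port: int = 443            # assumed: traffic arrives on HTTPS


# Hypothetical, deliberately simple attack-pattern rules (real managed rule sets are far larger).
RULES = {
    "sqli": re.compile(r"(?i)\bunion\b[\s\S]+?\bselect\b|'\s*or\s+\S+\s*=\s*\S+|;\s*drop\s+table\b"),
    "xss": re.compile(r"(?i)<script\b|javascript:|\bon\w+\s*="),
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
}


def l4_tuple(req):
    """All a layer-3/4 firewall gets to decide on: source address, protocol, destination port."""
    return (req.src_ip, "tcp", req.dst_port)


def normalize(req):
    """Flatten target, body and headers, then URL-decode twice so that '%27' becomes a quote
    and double-encoded '%253C' becomes '<' before matching. A WAF that matches the raw
    bytes instead of the decoded request is the classic bypass."""
    text = "\n".join([req.path, req.body] + [f"{k}: {v}" for k, v in req.headers.items()])
    for _ in range(2):
        text = urllib.parse.unquote_plus(text)
    return text


def match_rules(req):
    """Names of rules that fire on the normalized request."""
    text = normalize(req)
    return [name for name, pattern in RULES.items() if pattern.search(text)]


class RateLimiter:
    """Sliding-window hit counter per source IP: the shape of a rate-based rule
    used against credential stuffing on a login endpoint."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def exceeded(self, src_ip, now):
        q = self.hits[src_ip]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) > self.limit


def evaluate(req, mode="block", limiter=None, now=0.0):
    """Return (verdict, reasons). In "count" mode matches are only recorded, which is how a
    new rule set is trialled on live traffic to surface false positives before blocking."""
    reasons = match_rules(req)
    if limiter is not None and req.path.startswith("/login") and limiter.exceeded(req.src_ip, now):
        reasons.append("rate_limit_login")
    if not reasons:
        return "allow", reasons
    return ("block" if mode == "block" else "count"), reasons


# Constructed sample traffic (not captured from any real system).
BENIGN = Request("203.0.113.10", "GET", "/search?q=cheap+flights")
SQLI = Request("203.0.113.10", "GET", "/search?q=%27%20OR%20%271%27%3D%271")
XSS_DOUBLE_ENCODED = Request("203.0.113.11", "GET", "/comment?text=%253Cscript%253Ealert(1)%253C/script%253E")
FALSE_POSITIVE = Request("203.0.113.13", "GET", "/search?q=how+union+members+select+a+delegate")
LOGIN = Request("203.0.113.12", "POST", "/login",
                {"Content-Type": "application/x-www-form-urlencoded"}, "user=alice&pass=hunter2")


def demo():
    """Identical L4 tuples but different L7 verdicts; a benign query that trips the SQLi rule,
    surfaced harmlessly in count mode; and one client hitting /login six times in a minute."""
    results = {
        "same_l4_tuple": l4_tuple(BENIGN) == l4_tuple(SQLI),
        "benign": evaluate(BENIGN),
        "sqli": evaluate(SQLI),
        "xss_double_encoded": evaluate(XSS_DOUBLE_ENCODED),
        "false_positive_count_mode": evaluate(FALSE_POSITIVE, mode="count"),
    }
    limiter = RateLimiter(limit=5, window_seconds=60)
    results["login_burst"] = [evaluate(LOGIN, limiter=limiter, now=float(i))[0] for i in range(6)]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly and read the `demo()` output: the benign and injected searches share one L4 tuple yet only the second is blocked, the double-encoded script tag is caught only because `normalize()` decodes twice, the "union members select" query shows why a rule set goes live in count mode first, and the sixth login attempt in the window is stopped by the rate rule rather than by any pattern.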

Category: security

Difficulty: intermediate
